So I installed libssl-dev using apt-get and after that, compilation succeeded.

So let's check out some of the tools that come with the toolkit.

Right now I have two netbooks for testing and an OpenWRT router. The router has an IPv6 tunnel with SixXS and also an IPv6 subnet assigned to it, which is advertised by radvd to the local network. Both netbooks receive the router advertisements and thus automatically configure themselves with a routable IPv6 address from that subnet, in addition to their automatically configured link local address.

The following tools are included in the IPv6 Attack Toolkit (copied from the README file):

- fake_mld6: announce yourself in a multicast group of your choice on the net

- fake_mld26: same but for MLDv2

- fake_mldrouter6: fake MLD router messages

- fake_mipv6: steal a mobile IP to yours if IPSEC is not needed for authentication

- fake_advertiser6: announce yourself on the network

- smurf6: local smurfer

- rsmurf6: remote smurfer, known to work only against linux at the moment

- exploit6: known ipv6 vulnerabilities to test against a target

- denial6: a collection of denial-of-service tests against a target

- thcping6: sends a hand crafted ping6 packet

- sendpees6: a tool by willdamn@gmail.com, which generates a neighbor solicitation requests with a lot of CGAs (crypto stuff ;-) to keep the CPU busy. nice.

Just run the tools without options and they will give you help and show the command line options.

I'll only cover some of these here:

- detect-new-ip6

- alive6

- parasite6

- trace6

detect-new-ip6

This tool comes in handy if you want to monitor your network for new IPv6 nodes that become alive. I started this on one netbook and then connected the second netbook to the LAN. This is the output of the commands (addresses obfuscated):

    Syntax: parasite6 interface [fake-mac]
    This is an "ARP spoofer" for IPv6, redirecting all local traffic to your own
    system (or nirvana if fake-mac does not exist) by answering falsely to Neighbor Solitication requests
    root@dirtybox:/home/me/Downloads/thc-ipv6-1.4# parasite6 eth0
    Remember to enable routing (ip_forwarding), you will denial service otherwise!
    Started ICMP6 Neighbor Solitication Interceptor (Press Control-C to end) ...
    Spoofed packet to fe80::xxxx:xxxx:xxxx:5f77 as 2001:xxxx:xxxx:x:xxx:xxxx:xxxx:fe7d
    Spoofed packet to fe80::xxxx:xxxx:xxxx:5f77 as 2001:xxxx:xxxx:x:xxxx:xxx:xxxx:40bc
    Spoofed packet to fe80::xxxx:xxxx:xxxx:5f77 as 2001:xxxx:xxxx:x:xxx:xxxx:xxxx:fe7d
    Spoofed packet to fe80::xxxx:xxxx:xxxx:5f77 as 2001:xxxx:xxxx:x:xxxx:xxx:xxxx:40bc
    Spoofed packet to fe80::xxxx:xxxx:xxxx:5f77 as 2001:xxxx:xxxx:x:xxx:xxxx:xxxx:fe7d
    Spoofed packet to fe80::xxxx:xxxx:xxxx:5f77 as 2001:xxxx:xxxx:x:xxx:xxxx:xxxx:fe7d

Of course I forgot to enable ip_forwarding, so I DoSed the target machine. ;-) But I was able to sniff the traffic coming from and destined to that machine:

The reply did not get through to the target box, though, which is understandable. However, after that I was for some reason not able to reproduce that first success and had all kinds of issues when forwarding was enabled. As soon as I enabled forwarding, I was no longer able to connect to the internet from that box, and hijacking the traffic of the other machine did not work either. I have no firewall rules enabled right now, so it must be a routing issue. And I haven't understood how routing works for IPv6 in a fully automatic environment with a routing advertising daemon on the default router. I'll get back to that in another issue of this series of articles.
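parasite6 answers Neighbor Solicitations with the attacker's own MAC, so on a monitored host the neighbor cache shows several addresses moving to one new link-layer address. The following is an added example (not from this post or from the toolkit) that diffs two `ip -6 neigh show` snapshots for that pattern; the snapshots, addresses, MACs and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed `ip -6 neigh show` snapshots (documentation prefix, made-up MACs).
BEFORE = """\
2001:db8:1::fe7d dev eth0 lladdr 00:11:22:33:44:7d REACHABLE
2001:db8:1::40bc dev eth0 lladdr 00:11:22:33:44:bc STALE
fe80::1 dev eth0 lladdr 00:11:22:33:44:01 router REACHABLE
"""
AFTER = """\
2001:db8:1::fe7d dev eth0 lladdr 02:aa:bb:cc:dd:ee REACHABLE
2001:db8:1::40bc dev eth0 lladdr 02:aa:bb:cc:dd:ee REACHABLE
fe80::1 dev eth0 lladdr 00:11:22:33:44:01 router REACHABLE
fe80::dead dev eth0  FAILED
"""

LINE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Map (interface, address) -> MAC; FAILED/INCOMPLETE entries have no lladdr and are skipped."""
    table = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            addr, dev, mac = m.groups()
            table[(dev, addr.lower())] = mac.lower()
    return table

def find_spoof_indicators(before, after, min_victims=2):
    """Report addresses whose MAC changed, and MACs that displaced several distinct owners."""
    old, new = parse_neigh(before), parse_neigh(after)
    changed = []                    # (dev, addr, old_mac, new_mac)
    displaced = defaultdict(set)    # new MAC -> set of MACs it replaced
    claimed = defaultdict(list)     # new MAC -> addresses it now answers for
    for (dev, addr), mac in new.items():
        prev = old.get((dev, addr))
        if prev is not None and prev != mac:
            changed.append((dev, addr, prev, mac))
            displaced[mac].add(prev)
            claimed[mac].append(addr)
    # One changed entry can be a replaced NIC or a failover; one MAC taking over
    # addresses from several different hosts is the NA-spoofing signature.
    takeover = {m: sorted(claimed[m]) for m in claimed if len(displaced[m]) >= min_victims}
    return {"changed": sorted(changed), "takeover": takeover}

if __name__ == "__main__":
    print(find_spoof_indicators(BEFORE, AFTER))
```
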

trace6

Kind of what you'd expect from the name but faster than traceroute6 and with options comparable to tcptraceroute:

Amap

Amap, another tool that I've tested, is not part of the IPv6 attack toolkit but also very promising because it supports stuff that Nmap does not support for IPv6 right now, like UDP scans. But I had some issues with that tool - it reports ports to be open on a remote machine that are actually not open on that remote machine but on the local machine. So either I am doing something wrong or amap does something wrong.

    Total amount of tasks to perform in plain connect mode: 65535
    Port on [2001:xxxx:xxxx:x:xxx:xxxx:xxxx:fe7d]:22/tcp is OPEN
    Port on [2001:xxxx:xxxx:x:xxx:xxxx:xxxx:fe7d]:631/tcp is OPEN
    Port on [2001:xxxx:xxxx:x:xxx:xxxx:xxxx:fe7d]:51399/tcp is OPEN

So again it seems I have no idea about what I am actually doing. ;-) But I'm learning a lot in the process of trial and error and reading up stuff. There is a lot of great documentation out there, but some details are not documented that well or I haven't found them yet. For example, I still haven't understood how routing works when the router has advertised itself to the hosts on a network while ip -6 route prints out a link local address as the default IPv6 gateway. Kind of irritating. And why doesn't the route to the internet function any more on my attacking machine when I've enabled forwarding? Many questions. I am feeling like I'm ten years back when I first grasped how routing worked for IPv4.

Again, feel free to comment, correct and explain. I hope this series of articles helps some of you and I also hope that some of you who are more advanced in the topic can help me out, too.